An organization, to-be-officially-confirmed-as-Data & Leads, told Sky Brasil and Urban to “hold my beer” and went all out with a multi-week exposure of data related to 57 million US citizens.

While the security researchers noted in the respective articles have aided in preventing the further exposure of this data, the lack of any due diligence by the individuals or organizations that provided a smorgasbord of freely available intel for adversaries is incredibly frustrating. As long as volumes of data are published without basic “Day 1” security principles or controls, because staff did not take the time to RTFM or to engage with peers who may have experience with a given platform, the result will continue to be unfettered access to potentially sensitive data.

In events such as those that have transpired with Dunkin’ Donuts and Dell, considerable effort was required to gain access to the systems of the respective companies. These organizations didn’t leave the door wide open, as Urban, Sky Brasil, and the to-be-confirmed-as-Data & Leads organization chose to do with their ElasticSearch solutions.